From July on, Chrome will brand plain old HTTP as “Not secure”

by
Peter Bright
from Ars Technica - All content on (#3FH3Z)
padlock-800x533.jpg

Enlarge (credit: Indigo girl)

As more and more websites offer access over encrypted HTTPS, Chrome will soon brand any site served up over plain, unencrypted HTTP as "Not secure." Chrome 68, due for release in July, will start sticking the "Not secure" label in the address bar, as a counterpart to the "Secure" label and padlock icon that HTTPS sites get.

This is a continuation of a change made in January of last year where Chrome would brand HTTP sites with password forms as being "Not secure."

not-secure-label-640x231.png

How the "Not secure" label will appear. (credit: Google)

Google says that 81 of the top 100 sites on the Web default to HTTPS and that 68 percent of Chrome traffic on Android and Windows uses HTTPS. As such, non-secure HTTP is becoming the exception, not the rule, justifying the explicit call-out. While HTTPS once required expensive certificates, projects such as Let's Encrypt have made it easy to add HTTPS to just about any site at zero cost.

Read on Ars Technica | Comments

index?i=BwkQp1-vF-s:_T0NfV6NfKY:V_sGLiPB index?i=BwkQp1-vF-s:_T0NfV6NfKY:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments